Cyber Liability Vs. Database Coverage

July 29, 2011 No Comments »

There is a common misconception among those managing the risks of businesses that Cyber Liability automatically includes Database Coverage. It is logical to assume, based on the wording, but that would be a mistake.

Unlike a typical General Liability policy, Cyber insurance has no standardization of forms. Although the Cyber policy issued by some insurance companies would be broader, most respond to common technology accidents associated with computer networks: unauthorized access, virus, insider abuse of data, theft of intellectual property, loss of revenue, extortion, denial of service attacks, financial fraud, infringement of trade marks or copyrights, sabotage of data networks, public relations expense, notification expense and theft of personal and private information. BUT, in order to trigger a claim the loss must happen in the virtual world.

Cyber insurance is designed to close the gap between the physical and virtual worlds.

Database Coverage will respond for the loss of personal and private information in either the physical or the virtual worlds. This means that should a company have a hacker break into the system or an employee loses a cardboard box of files, either one can trigger the claim. The database policy will also cover the insured if the breach is caused by an employee.

In 2009, the total cost of a data breach rose to $204 per compromised record according to the survey from Ponemon Institute released in January of 2010. This is in large part due to new laws that require businesses to notify those affected by a security breach. Recently, many jurisdictions added the requirement that businesses notify anyone whose private information may be at risk after a breach occurs.

Database Insurance is needed by every company that collects personal and private information on their employees, customers, prospects or partners. This information would include: name, date of birth, social security number, bank account information, credit card numbers, drivers license numbers, medical records and other private information. NOTE: that I didn’t say technology company!  Every company needs to evaluate their exposure and decide how to address this issue.

Portions paraphrased from Larry Harb (www.ITRiskmanagers.com)
(1) 2009 Annual Study: U.S. Cost of a Data Breach (Ponemon Institute)

Leave a Reply